On Mon, 10 Feb 2020 at 16:19, Tony Finch <[email protected]> wrote:

>8

> When I was working out how a SHA-1 attack could work with TXT records,
> (https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html)
> one of the problems was that the collision blocks in the best attack so
> far are 588 bytes, which is too big to fit into a single TXT string. So
> there will be length bytes inside the collision blocks which can't easily
> be controlled by the attacker. The solution is to append 255 zero bytes
> which is enough to fill the tail end of any string specified by the last
> length byte in the collision blocks, and any excess zero bytes get treated
> as a sequence of empty strings.

The troublesome length bytes can be avoided by (ab)using a generic URI RR instead:

    64kilobeef. TYPE256 \# 8 deadbeefdeadbeef

which allows arbitrary content (3 < length < ~64k).

Note that the URI target text occupies the remaining RDATA after the weight field.

--
Dick

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
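The two constructions above, worked through on the wire format, as an added example that is not part of either message: a TXT parser per RFC 1035 (length octet, then that many bytes, repeated), Tony's "blob + 255 zero bytes" padding and the bound it relies on, and a URI RR (RFC 7553, type 256: 16-bit Priority, 16-bit Weight, then the Target running to the end of the RDATA with no length octet) read through RFC 3597 `\# <len> <hex>` generic syntax. The 588-byte "collision block" is a constructed deterministic byte pattern standing in for data the attacker cannot steer, not real SHA-1 collision output; the function names are mine.

```python
from __future__ import annotations
import struct

# RFC 1035 s3.3.14: TXT RDATA is a run of <character-string>s, each a length
# octet followed by that many bytes.  RFC 7553: URI RDATA is Priority (u16),
# Weight (u16), then the Target, which has no length octet and simply occupies
# the rest of the RDATA.  RFC 3597: '\# <len> <hex>' is the generic
# presentation form for raw RDATA of any RR type.

def parse_txt_rdata(rdata: bytes) -> list[bytes]:
    """Split TXT RDATA into character-strings; raise if a length octet
    claims bytes that lie past the end of the RDATA."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError(f"length octet {n} at offset {i} overruns RDATA")
        strings.append(chunk)
        i += 1 + n
    return strings


def overrun(blob: bytes) -> int:
    """Bytes past the end of blob demanded by the last length octet the
    parser lands on (0 if blob already parses cleanly).  Never exceeds 255,
    which is why 255 bytes of padding always suffice."""
    i = 0
    while i < len(blob):
        end = i + 1 + blob[i]
        if end > len(blob):
            return end - len(blob)
        i = end
    return 0


def txt_rdata_for_blob(blob: bytes) -> bytes:
    """Tony's construction: pad with 255 zero bytes.  They complete whatever
    string the final uncontrolled length octet started; leftover zeros parse
    as a sequence of empty strings."""
    return blob + b"\x00" * 255


def parse_uri_rdata(rdata: bytes) -> tuple[int, int, bytes]:
    """Priority, Weight, Target per RFC 7553; Target is everything after
    the first four octets."""
    if len(rdata) < 4:
        raise ValueError("URI RDATA needs at least Priority and Weight")
    priority, weight = struct.unpack("!HH", rdata[:4])
    return priority, weight, rdata[4:]


def uri_rdata_for_blob(blob: bytes, priority: int = 0, weight: int = 0) -> bytes:
    """Dick's alternative: the blob rides in the Target with no internal
    length octets; only the 16-bit RDLENGTH bounds it."""
    rdata = struct.pack("!HH", priority, weight) + blob
    if len(rdata) > 0xFFFF:
        raise ValueError("RDATA exceeds 16-bit RDLENGTH")
    return rdata


def parse_rfc3597(text: str) -> bytes:
    """Parse generic '\\# <len> <hex...>' presentation syntax into raw RDATA."""
    parts = text.split()
    if len(parts) < 2 or parts[0] != r"\#":
        raise ValueError("not RFC 3597 generic RDATA syntax")
    declared = int(parts[1])
    data = bytes.fromhex("".join(parts[2:]))
    if len(data) != declared:
        raise ValueError(f"declared {declared} bytes, got {len(data)}")
    return data


def to_rfc3597(rdata: bytes) -> str:
    return rf"\# {len(rdata)} {rdata.hex()}"


# Constructed stand-in for a 588-byte collision block (NOT real collision
# data): a fixed pattern whose bytes the "attacker" does not get to choose.
FAKE_COLLISION_BLOCK = bytes((i * 37 + 11) % 256 for i in range(588))

# Worst case for TXT: the parser reaches the very last byte of the block and
# it reads 0xff, so the final string wants 255 more bytes.
WORST_CASE_BLOCK = b"\x00" * 587 + b"\xff"

if __name__ == "__main__":
    print("raw block overrun:", overrun(FAKE_COLLISION_BLOCK))
    print("padded TXT strings:", len(parse_txt_rdata(txt_rdata_for_blob(FAKE_COLLISION_BLOCK))))
    print("URI RDATA:", to_rfc3597(uri_rdata_for_blob(b"\xde\xad\xbe\xef", 0xDEAD, 0xBEEF)))
```

Running it shows the raw block failing to parse as TXT (a mid-block length octet reaches past the end), the padded block parsing into a few uncontrolled strings followed by a tail of empty ones, and `64kilobeef. TYPE256 \# 8 deadbeefdeadbeef` decoding as Priority 0xdead, Weight 0xbeef, Target `de ad be ef`.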
